CVE-2021-47860

5.3 MEDIUM

📋 TL;DR

CVE-2021-47860 is a CSRF vulnerability in the GetSimple CMS Custom JS 0.1 plugin that allows unauthenticated attackers to inject malicious JavaScript into administrator sessions. When an authenticated administrator visits a malicious webpage, the attacker can execute arbitrary client-side code in that session, which may lead to remote code execution on the server. This affects all GetSimple CMS installations using the vulnerable Custom JS plugin.

💻 Affected Systems

Products:
  • GetSimple CMS Custom JS Plugin
Versions: Version 0.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires GetSimple CMS with the Custom JS plugin installed and activated. The vulnerability is in the plugin, not the core CMS.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete server compromise through remote code execution, allowing attackers to install backdoors, steal data, or take control of the hosting environment.

🟠

Likely Case

Administrator account takeover, website defacement, data theft, or installation of malicious scripts/backdoors on the server.

🟢

If Mitigated

Limited impact with proper CSRF protections, web application firewalls, and administrator awareness training in place.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Multiple public exploits exist (Exploit-DB 49712, 49816). The attack requires social engineering to lure an authenticated administrator to a malicious page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: N/A

Vendor Advisory: http://get-simple.info

Restart Required: No

Instructions:

1. Remove the Custom JS 0.1 plugin entirely from your GetSimple CMS installation.
2. Delete the plugin files from the /plugins/customjs/ directory.
3. Clear any cached plugin data from your CMS.

🔧 Temporary Workarounds

Disable Custom JS Plugin

all

Deactivate the vulnerable plugin through GetSimple CMS admin interface

Log in to the GetSimple CMS admin panel > Navigate to Plugins > Find 'Custom JS' > Click 'Deactivate'

Implement CSRF Tokens

all

Add CSRF protection to all admin forms and endpoints

Modify plugin PHP files to include CSRF token validation using GetSimple's security functions

🧯 If You Can't Patch

  • Implement strict Content Security Policy (CSP) headers to block inline scripts and unauthorized sources
  • Use web application firewall (WAF) rules to block suspicious POST requests to admin endpoints

🔍 How to Verify

Check if Vulnerable:

Check if /plugins/customjs/ directory exists in your GetSimple installation and contains version 0.1 files

Check Version:

Check the customjs/plugin.php file for version information or examine GetSimple CMS plugins page

Verify Fix Applied:

Confirm the customjs plugin directory is removed or empty, and check admin interface shows plugin as deactivated/removed

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to admin endpoints without referrer headers
  • Multiple failed CSRF token validations
  • Unexpected JavaScript file uploads or modifications

Network Indicators:

  • Cross-origin requests to admin endpoints from suspicious domains
  • POST requests to /admin/load.php?plugin=customjs without proper authentication flow

SIEM Query:

source="webserver" AND (uri="/admin/load.php" AND query="plugin=customjs") AND method="POST" AND NOT referrer CONTAINS "your-domain.com"
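The same detection logic as the SIEM query above, run offline over web-server access logs, as an added example that is not part of this advisory or of GetSimple CMS. It assumes Apache/nginx combined log format, the /admin/load.php?plugin=customjs endpoint named above, and "your-domain.com" as a placeholder for the site's own hostname; the log lines are constructed samples.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines in combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Mar/2021:10:00:01 +0000] "POST /admin/load.php?plugin=customjs HTTP/1.1" 200 512 "https://evil.example/lure.html" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2021:10:00:05 +0000] "POST /admin/load.php?plugin=customjs HTTP/1.1" 200 512 "https://your-domain.com/admin/load.php?plugin=customjs" "Mozilla/5.0"
203.0.113.11 - - [01/Mar/2021:10:00:09 +0000] "POST /admin/load.php?plugin=customjs HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Mar/2021:10:00:12 +0000] "GET /admin/load.php?plugin=customjs HTTP/1.1" 200 2048 "https://your-domain.com/admin/plugins.php" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD URI PROTO" status bytes "referrer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(entry, own_host="your-domain.com"):
    """Flag POSTs to the Custom JS endpoint whose Referer is absent or cross-origin."""
    if entry["method"] != "POST":
        return False
    url = urlparse(entry["uri"])
    if url.path != "/admin/load.php":
        return False
    if parse_qs(url.query).get("plugin") != ["customjs"]:
        return False
    ref = entry["referrer"]
    if ref in ("", "-"):
        return True  # no Referer: cannot confirm the request came from the admin UI
    return urlparse(ref).hostname != own_host  # own_host is a placeholder assumption

def find_suspicious(log_text, own_host="your-domain.com"):
    """Return (ip, timestamp, referrer) for every suspicious request in the log text."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspicious(entry, own_host):
            hits.append((entry["ip"], entry["ts"], entry["referrer"]))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print("suspicious customjs POST:", hit)
```

A missing Referer is treated as suspicious because a lure page can suppress it with a Referrer-Policy, so requiring a matching Referer alone would miss those requests. Administrators using browser privacy settings that strip Referer will also be flagged, so correlate hits with the admin session and the source IP before acting.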
